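<?php
// Handles a forum post submission: post_type "a" starts a new thread, "b" replies to
// an existing one (tid). Every value interpolated into SQL is run through
// mysql_real_escape_string() first. The mysql_* extension was removed in PHP 7, so this
// file should move to PDO/mysqli prepared statements once db_connect.php provides one.
session_start();
include_once "../db_connect.php"; // Connect to the database
include ("filter.php");// provides the filteringbadwords class used below

$mybadwords = new filteringbadwords;

// Be sure the user session vars are all set
if (!isset($_SESSION['id'], $_SESSION['username'], $_SESSION['password']))
{
	echo "Your session has timed out";
	exit(); // This you will want to handle more smoothly
}
// Be sure all form variables are present to proceed (the original ran this test twice)
if (!isset($_POST['post_type'], $_POST['post_body'], $_POST['fsID'], $_POST['fsTitle'], $_POST['uid'], $_POST['upass']))
{
	echo "Important variables from the form are missing ";
	exit();
}

// Filter all of the common variables
$post_type = $_POST['post_type'];
$post_body = $_POST['post_body'];
$isbad = $mybadwords->filterbadwords($post_body); // run on the raw text, before escaping
$post_body = mysql_real_escape_string($post_body);
$forum_section_id = preg_replace('#[^0-9]#i', '', $_POST['fsID']);
$forum_section_title = preg_replace('#[^A-Za-z 0-9]#i', '', $_POST['fsTitle']);
$member_id = preg_replace('#[^0-9]#i', '', $_POST['uid']);
// fname comes from the session but is interpolated into the INSERTs below, so escape it too
$post_author = mysql_real_escape_string(isset($_SESSION['fname']) ? $_SESSION['fname'] : '');
$member_password = mysql_real_escape_string($_POST['upass']);


if($isbad == "true")
{
echo "<font size='+2'>Your post contains illegal words that can harm other people retype your post</font>";
exit();
}

// Compare the raw values: the original compared the escaped POST password against the
// unescaped session password, which always mismatched for passwords containing quotes.
// hash_equals() keeps the comparison constant-time.
if ((string) $_SESSION['id'] !== $member_id || !hash_equals((string) $_SESSION['password'], (string) $_POST['upass'])) {
	echo "Your id and/or password is a mismatch";
	exit();
}

// Check the database to be sure that their ID, username and password session variables all match in the database
// NOTE(review): the session password is compared/looked up as stored; if tbl_account
// holds plaintext passwords this should move to password_hash()/password_verify().
$u_id = $member_id;
$u_name = mysql_real_escape_string($_SESSION['username']);
$u_pass = mysql_real_escape_string($_SESSION['password']);
$sql = mysql_query("SELECT * FROM tbl_account WHERE id='$u_id' AND username='$u_name' AND password='$u_pass'");
$numRows = mysql_num_rows($sql);

if ($numRows < 1) {
	    echo "ERROR: Your username and password doesn't exist in the system ";
	    exit();
}

// Check the database to be sure that this forum section exists
$sql = mysql_query("SELECT * FROM forum_sections WHERE id='$forum_section_id' AND title='$forum_section_title'");
$numRows = mysql_num_rows($sql);
if ($numRows < 1) {
	    echo "ERROR: That forum section does not exist";
	    exit();
}

// Prevent this member from posting more than 30 times in one day.
// The original ran this query but never acted on the count, so the limit was not enforced.
$sql = mysql_query("SELECT id FROM forum_posts WHERE post_author_id='$member_id' AND DATE(date_time) = DATE(NOW()) LIMIT 32");
$numRows = mysql_num_rows($sql);
if ($numRows >= 30) {
	    echo "ERROR: You have reached the daily posting limit";
	    exit();
}

// Add this post to the database now. The query depends on the "post_type" value
// Only if the post_type is "a" ///////////////////////////////////////////////////////////////////////////////////
if ($post_type == "a") {
	$post_title = isset($_POST['post_title']) ? $_POST['post_title'] : '';
	if ($post_title == "") { echo "The Topic Title is missing "; exit(); }
	if (strlen($post_title) < 10) { echo "Your Title for your topic is less than 10 characters "; exit(); }
	// The title was interpolated into the INSERT unescaped (SQL injection); escape it like every other value
	$post_title = mysql_real_escape_string($post_title);

	$sql = mysql_query("INSERT INTO forum_posts (post_author, post_author_id, date_time, type, section_title, section_id, thread_title, post_body) VALUES('$post_author','$member_id',now(),'a','$forum_section_title','$forum_section_id','$post_title','$post_body')");
	if (!$sql) {
		// Do not echo mysql_error() to the client: it reveals table/column names and query text
		echo "ERROR: Your post could not be saved";
		exit();
	}
	$this_id = mysql_insert_id();
	header("location: view_thread.php?id=$this_id");
	exit();
}

// Only if the post_type is "b" ////////////////////////////////////////////////////////////////////////////////////
if ($post_type == "b") {
	$this_id = isset($_POST['tid']) ? preg_replace('#[^0-9]#i', '', $_POST['tid']) : '';
	$post_title = isset($_POST['thread_title']) ? preg_replace('#[^A-Za-z 0-9]#i', '', $_POST['thread_title']) : '';
	if ($this_id == "") { echo "The thread ID is missing "; exit(); }

	// Make sure the parent thread exists before attaching a reply to it
	$sql = mysql_query("SELECT id FROM forum_posts WHERE id='$this_id' LIMIT 1");
	if (!$sql || mysql_num_rows($sql) < 1) {
		echo "ERROR: That thread does not exist";
		exit();
	}

	$sql = mysql_query("INSERT INTO forum_posts (post_author, post_author_id, otid, date_time,section_title, section_id, thread_title, type, post_body)
	                                      VALUES('$post_author','$member_id','$this_id',now(),'$forum_section_title','$forum_section_id','$post_title' ,'b','$post_body')");
	if (!$sql) {
		echo "ERROR: Your post could not be saved";
		exit();
	}

	// Echo the saved body back to the caller. It is user-supplied text, so escape it for
	// the HTML context; the original echoed it raw, which allowed markup/script injection.
	$post_body = stripslashes($post_body);
	echo htmlspecialchars($post_body, ENT_QUOTES, 'UTF-8');
	exit();
}

// Any other post_type is not understood; say so instead of silently doing nothing
echo "ERROR: Unknown post type";
exit();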